Security Manager, Vulnerability Research

GitLab


2 weeks ago

09/04/2019 10:21:23

Job type: Full-time

Category: Software Dev


This position is remote based.

GitLab is building a research team that will focus on improving GitLab’s security detection capabilities, including SAST/DAST and future products. For more information about our security products, please review https://about.gitlab.com/direction/secure/ and https://about.gitlab.com/direction/defend/

This team will work directly with the GitLab Security, Development, and Product teams to build, tune and improve the efficacy of GitLab’s stand-alone detection products. 

Managers in the Security Department at GitLab see the team as their product. While they are technically credible and know the details of what vulnerability research engineers work on, their time is spent hiring a world-class team and putting them in the best position to succeed. They own the delivery of security commitments and are always looking to improve productivity. They must also coordinate across departments to accomplish collaborative goals.

As a member of the security team at GitLab, you will be working towards raising the bar on security. We will achieve that by working and collaborating with cross-functional teams to provide guidance on security best practices.

The Security Team is responsible for leading and implementing the various initiatives that relate to improving GitLab's security.

Responsibilities

  • Hire a world-class team of vulnerability research engineers to work on their team

  • Help vulnerability research engineers grow their skills and experience

  • Provide input on vulnerabilities, issues, and security features

  • Hold regular 1:1s with all members of their team

  • Create a sense of psychological safety on your team

  • Recommend security-related technical and process improvements

  • Author project plans for security initiatives

  • Draft quarterly OKRs

  • Train engineers to screen candidates and conduct managerial interviews

  • Strong sense of ownership, urgency, and drive

  • Excellent written and verbal communication skills, especially experience with executive-level communications

  • Ability to make concrete progress in the face of ambiguity and imperfect knowledge

Requirements

  • You have a passion for security and open source

  • You are a team player, and enjoy collaborating with cross-functional teams

  • You are a great communicator

  • You employ a flexible and constructive approach when solving problems

  • You share our values, and work in accordance with those values

Compensation

Please view the compensation range for this role at the bottom of the position description.



similar jobs

  • 3 weeks ago

    We're looking for a community-centric human to join our remote team to protect our systems and foster a culture of privacy and security in order to protect our community of users.

    At Feeld we are on a mission to normalise sexuality. We are building an inclusive, human-centred product welcoming people in relationships or not to meet like-minded others. Most of the humans in our app look up to us as a safe space where they can explore safely.

    We're looking for a security engineer who likes to wear hats of many colours to help us preserve the privacy and safety of our users, and who understands the importance of this fact.

    As a security engineer, you will be in charge of all things security in the company. You will be the first point of contact for everyone, technical and non-technical, to ensure Feeld's systems are kept safe from threats.

    If you're a list person, here are some of our expectations, listed:

    You:

    • Can help us automate security on our Continuous Integration pipeline.

    • Protect our infrastructure from Intrusions.

    • Collaborate with Devops to make sure that Developer velocity is maintained.

    • You will create processes to perform security reviews of our architecture.

    • You will be in charge of maintaining and updating our architecture documentation.

    • You have experience managing and evaluating third-party services.

    • You will build and maintain a security incident response plan.

    • You will perform and enforce security code reviews.

    • Establish and enforce security practices across the whole company.

    • Educate developers and provide tools to handle a SDLC.

    • Create a solid onboarding/offboarding process for employees.

    • Assess, list and prioritise security issues.

    • Prepare and evaluate third parties for external security tests.

    • Set up and facilitate our own bug bounty program, internal or external.

    • Create a security policy and expose it on our website.

    • Regularly audit our applications, DNS settings and dependencies.

    Bonus points:

    • interest in working remotely

    • experience with consumer based products

    • Be humble and respectful - no security shaming

    • Create and maintain strong relationships with our Circle Leads

    • Willingness to develop a security + privacy culture

    • Experience training engineers and non-engineers in security skills

    • Attend meetups with other security engineers

    Us:

    Feeld is an independent, experimental and fully remote organisation reshaping the dialogue on dating and sexuality. The company was founded 5 years ago and has evolved since to become the transparent, flat structure it is now. We don't believe in standard management, so we have a naturally agile and fluid culture. The whole team is fully remote, which means you work where and when helps you perform at your best. We're self-managed and treat our organisation as a product – we iterate, improve and test things internally to see what works best for everyone. Some things we provide are:

    • flexible working hours

    • unlimited holidays

    • fully remote

    • annual retreats

    • equity options

    • expense account

    • training budget

    • computer and home office equipment

    • transparency - open data, open salaries, open equity

    • access to the Feeld Flat in Porto, Portugal

    • friendly humans

  • Blockstack is a decentralized computing platform. It’s the easiest way to build decentralized apps that can scale. More info here.

    Blockstack PBC, a public benefit corp, has a mission to enable an open, decentralized internet which will benefit all internet users by giving them more control over information and computation. Blockstack PBC has raised $50M+ in capital to develop core protocols and developer tools for the ecosystem. Being a Public Benefit Corp also means we have goals beyond profit, and that allows us to focus on universal human rights and sharing the value created in our ecosystem.

    Blockstack PBC is headquartered in New York City, with a globally distributed team located across Hong Kong, Gambia, Barcelona, Toronto, and Seattle.

    We’re seeking a technical evangelist to drive awareness and grow adoption of our developer products. Working with the growth team, you’ll come up with strategies to share the benefits of building on Blockstack amongst engineers and app founders in Asia. As an experienced developer, speaker, writer and community leader, you’ll be advocating for a new decentralized internet where users have fundamental digital rights, and a world where apps “Can’t Be Evil.” In this role, you will work closely with developer communities to promote development of apps in the Blockstack ecosystem and grow our open source community.

    You will:

    • Promote the adoption of Blockstack tools and network to developers within and out of the Blockchain space. This may entail sharing technical knowledge and use cases for Blockstack amongst developer communities. 

    • Help to drive strategy for deep evangelization into other communities of developers working on decentralized applications 

    • Participate as a leader in the Blockstack developer community 

    • Partner with our Digital Community Partner, Event Planner and communities across the globe to execute aligned technical events 

    • Publicly speak at developer conferences, meetups and digital events 

    • Directly contribute while soliciting and organizing community contribution to articles, guides, application architecture references, and code 

    • Liaise with internal stakeholders on critical technical alignment - such as engineering and product team 

    • Advocate for developers internally and provide feedback on real-world pain points in the developer journey

    You have:

    • 4+ years of combined experience in either application building, decentralization and distributed systems, other highly technical projects and evangelizing 

    • 1+ years of Open Source Code Compilation, Debugging and Customization 

    • Demonstrated experience in technical writing in articles and solution references, slide presentations, technical demonstration scripts or tutorials 

    • Excellent public speaking skills with 1+ years experience presenting to technical audiences 

    • Diplomatic, knows how to engage on opportunities to align activities for mutual benefit 

    • Comfortable with ambiguity; ready to apply experience and dialog to clarify expectations on-the-fly 

    • Willing to travel 50%, discipline to work from anywhere 

    Preferred Qualifications

    • Familiar with back-end languages and environments like Python and NodeJS, experience with SQL and other database systems 

    • Familiar with front-end languages like Javascript with toolkits like React 

    • Understanding of public-private key encryption protocols 

    • Experience with cloud storage (such as EC2) 

    • Experience working for a rapidly scaling start-up 

    • Active participation in Open Source communities 

    • Active on Stack Overflow 

    • Experience in open source software project(s) with 10+ other contributors

  • 1 month ago

    Datadog is building a world-class APM product that traces requests as they flow across complex systems. We are looking for an expert Go developer who can help push our tracing tools to the next level. Come and join us to build amazing open source software.

    What you will do

    • Write open source code that instruments thousands of distributed applications written in Go around the world.

    • Drive our open source Go projects and engage with the community to find and address the most important challenges.

    • Join a great team building software the right way.

    Who you must be

    • You’re a master Go programmer. You’ve written high-performance and concurrent applications, know your way around `go tool pprof`. You don’t reinvent the wheel but you prefer keeping your code concise and efficient.

    • You are a great community ambassador and can drive hard technical conversations towards a good solution.

    • You want to work in a fast, high growth startup environment.

    • You have a BS/MS/PhD in a scientific field.

    Bonus Points

    • You have significant experience with Python, Java, JavaScript, Ruby or PHP.

    • You have experience with code telemetry and introspection.

    • You have experience with distributed systems.
